LDAP users are failing to log in to IM, AC, and UMP/OC. In the hub logs at loglevel 3, we see errors similar to the following:
hub: (nim_ldap_query) ldap_search_ext_s(base:=OU=Corp Users,DC=corp,DC=ad,DC=publix,DC=com, filter:=(&(objectClass=person)(|(@attr_usr_id=qtlbf)(sAMAccountName=qtlbf)))): Bad search filter
The filter_user key value in the ldap->templates->Active Directory section of the hub.cfg file had a typographical error:
filter_user = (&(objectClass=person)(|(@attr_usr_id=$loginname)(sAMAccountName=$loginname)))
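The @attr_usr_id string is incorrect. The hub does not substitute it, so the literal text @attr_usr_id is sent to the directory as an attribute name, as the log line above shows, and the search is rejected with "Bad search filter". It must be changed to $attr_usr_id when configuring the hub to use specific AD attributes for LDAP authentication.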
Make changes to the following 2 keys in the ldap->templates->Active Directory section of the hub.cfg using the hub probe's Raw Configure GUI:
filter_user = (&(objectClass=person)(|($attr_usr_id=$loginname)(sAMAccountName=$loginname)))
attr_usr_id = userPrincipalName
Note that @attr_usr_id is replaced with $attr_usr_id so that the value of your attr_usr_id key will be used in the filter that the hub will use.
Alternatively, you can change just the filter_user key in the ldap->templates->Active Directory section of the hub.cfg:
filter_user = (&(objectClass=person)(|(userPrincipalName=$loginname)(sAMAccountName=$loginname)))
In this case the value of the attr_usr_id will not be used.
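A pre-deployment check for the filter_user template, added here as an example and not part of the hub or the original article: it expands the $ placeholders the way the corrected filter relies on and flags any filter item whose attribute name is not a valid LDAP short name. The function names, the simplified $name substitution model, and the sample login name "jdoe" are assumptions made for illustration.

```python
import re

# Short-form LDAP attribute name (RFC 4512): a letter, then letters, digits, hyphens.
ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")
# Attribute part of each filter item, e.g. "(sAMAccountName=" -> "sAMAccountName".
ITEM_ATTR = re.compile(r"\(([^()&|!=]+?)[~<>]?=")
# $name placeholders, the substitution form the article's corrected filter relies on.
VARIABLE = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")

def expand(template, keys):
    """Replace each $name with keys[name]; unknown names are left untouched."""
    return VARIABLE.sub(lambda m: keys.get(m.group(1), m.group(0)), template)

def check_filter(template, keys):
    """Return the problems found in the expanded filter (empty list = none)."""
    expanded = expand(template, keys)
    problems = []
    if expanded.count("(") != expanded.count(")"):
        problems.append("unbalanced parentheses")
    for attr in ITEM_ATTR.findall(expanded):
        if not ATTR_NAME.match(attr):
            problems.append(f"invalid attribute name: {attr!r}")
    return problems

# Templates from the article; "jdoe" is a constructed sample login name.
BROKEN = "(&(objectClass=person)(|(@attr_usr_id=$loginname)(sAMAccountName=$loginname)))"
FIXED = "(&(objectClass=person)(|($attr_usr_id=$loginname)(sAMAccountName=$loginname)))"
KEYS = {"attr_usr_id": "userPrincipalName", "loginname": "jdoe"}

if __name__ == "__main__":
    for name, template in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, expand(template, KEYS), check_filter(template, KEYS))
```

The check also flags a filter that references $attr_usr_id when no attr_usr_id key is defined, since the placeholder then remains in the attribute position.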